Couple general questions from a newbie.
#1
Hello guys. I'm pretty unadvanced when it comes to using hashcat or "cryptography", just trying to crack some hashes, mostly old Mysql 4.1/5. Got a couple of questions so I can maximize my efforts.

1) So I added loopback to my command. Question is how does it work exactly. I get that it loops back the rule on a password, I did some tests and it seems to have cracked 138 more hashes so it does work, but should I be saving the temp files that get created with it? Or should I save the newly generated password guesses, and is that even possible?

b) On a connected question, if I have a big wordlist like rockyou that doesn't work very well on my combo, can I run it and just save the base words that were used to actually get a plain hit to reuse later?

2) What does --keep-guessing do exactly and why do people use it (what's the scenario?)

3) Can I set min and max characters in the password to crack? Let's say I know the passwords have to be between 4 and 16 chars, so can I only check these?

4) I'm getting quite a lot of HEX'ed plains. Should I use the parameter to plain them or use an outside utility? I've read on GitHub some PoC that it misreads passwords sometimes, not sure how accurate that still is.

5) Is it better to use one big wordlist, or should I split it? Or when would each apply?

6) The hashes I'm working on are, not sure how to put it, but specific? Like if I put some already cracked plains into combo and run it, they crack way better than something "good" like rockyou. So basically if anyone has any tips for me on how I can make a good wordlist, I'm happy to learn something. Not too much, not trying to become a cryptographer guy, just want to get each pot to 95% recovered and I'll be satisfied.

Working on rtx 5080 + 9950x3d. 

Thanks)
#2
1) It just takes the newly cracked passwords and passes them straight back in as a wordlist, so if you cracked "Password123" then it was looped back in, it might crack "Password1234", as an example. It's basically free cracks and you should often have it enabled.

b) Rockyou isn't a particularly big wordlist but no, given rockyou is already quite a password-friendly wordlist, you shouldn't need to only save the base words, unless you want to target your wordlist against your target, but at that point you probably shouldn't be using rockyou and should be using something much larger like Hashmob's

2) Primarily for testing or collision-friendly algorithms where multiple plaintexts are possible for a single hash. It's not appropriate for your use case of "Mysql 4.1/5" and Hashcat will print a warning for hash modes that it may be helpful to use in (again, mysql not included).

3) Not really, no. You can technically do it with rejection rules but they don't work in the way you'd expect and for something like 4-16, it wouldn't make a difference, as almost all of your candidates would be between those 2 lengths anyway

4) You can use --outfile-autohex-disable if you don't want the hexing but it's usually safer to not, as the plaintext may contain dangerous stuff like unprintable chars or separators. It kinda depends what you're doing with the cracks. I'm not sure what the GitHub thing you're referring to is, but it shouldn't be a problem in your case.

5) One big wordlist, but not too large. 20GB is at the top limit of what's possible to realistically harvest, so these 80GB/300GB wordlists out there like weakpass are mostly filled with junk and you can ignore them

6) 95% is hard for a beginner but I believe in you. Hash cracking is an art in that you really just have to get experience with it to know what to do in each situation and it's hard to recommend stuff without seeing the cracks themselves. Going to a larger/better wordlist, other than rockyou like Hashmob's is probably a good start
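As an added example (not written by either poster and not hashcat's own code), here is a small Python reader for the `$HEX[...]` plains discussed in point 4, which also re-checks each decoded plain against its hash. It assumes an outfile in `hash:plain` form for unsalted MySQL 4.1/5 hashes, split at the first colon; the function names and sample passwords are constructed for illustration.

```python
import hashlib
import re

# Plains holding the ':' separator or unprintable bytes arrive as $HEX[<hex bytes>].
HEX_RE = re.compile(r"^\$HEX\[((?:[0-9a-fA-F]{2})*)\]$")

def mysql41(plain: bytes) -> str:
    """MySQL 4.1/5 PASSWORD() digest without the leading '*': SHA1(SHA1(plain))."""
    return hashlib.sha1(hashlib.sha1(plain).digest()).hexdigest()

def decode_plain(field: str) -> bytes:
    """Return the raw password bytes for one outfile plain field."""
    m = HEX_RE.match(field)
    return bytes.fromhex(m.group(1)) if m else field.encode("utf-8")

def parse_line(line: str):
    """Split 'hash:plain' at the first colon (assumes an unsalted hash).
    Returns (hash, plain_bytes, verified)."""
    digest, _, field = line.rstrip("\r\n").partition(":")
    plain = decode_plain(field)
    return digest.lower(), plain, mysql41(plain) == digest.lower()

def display(plain: bytes) -> str:
    """Printable form for reports: invalid UTF-8 and control bytes stay escaped."""
    text = plain.decode("utf-8", errors="backslashreplace")
    return "".join(c if c.isprintable() else repr(c)[1:-1] for c in text)

# Constructed sample outfile: one ordinary plain, three that need hexing.
HEXED = [b"pa:ss", b"caf\xe9", b"line\nbreak"]
OUTFILE = [mysql41(b"Password123") + ":Password123"] + [
    f"{mysql41(p)}:$HEX[{p.hex()}]" for p in HEXED
]

if __name__ == "__main__":
    for line in OUTFILE:
        digest, plain, ok = parse_line(line)
        print(digest[:12], display(plain), "verified" if ok else "MISMATCH")
```

Keeping the plain as bytes until the final display step is what lets the hash check succeed for the non-UTF-8 and newline cases; writing those plains unhexed would split or corrupt a line-oriented file.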